From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb
---
.../files/modprobe.d/blacklist-iptables.conf | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf
(limited to 'ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf')
diff --git a/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf b/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf
new file mode 100644
index 0000000..4655374
--- /dev/null
+++ b/ansible/roles/disableFirewall/files/modprobe.d/blacklist-iptables.conf
@@ -0,0 +1,13 @@
+# Don't load iptables on startup (or ever)!
+
+# These look weird, but the 'blacklist' command still allows
+# module insertion.
+#
+# This method defines a load-time alias so when you load the module,
+# it runs a delegated command to load the module instead, but in
+# the case of denying modules completely, just run nothing.
+install ip6table_filter /bin/true
+install iptable_filter /bin/true
+install ip6_tables /bin/true
+install ip_tables /bin/true
+install x_tables /bin/true
--
cgit v1.2.3
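Review bot: The header comment explains the `install … /bin/true` mechanism but not why host packet filtering is being switched off or what filters traffic instead, so a later reader cannot tell whether this host is meant to sit behind an upstream control or is simply unfiltered. I would add a line above the `install` entries such as `# Host firewall intentionally disabled; filtering is done by <PLACEHOLDER: upstream firewall / security group>.` It is also worth a comment that `install x_tables /bin/true` blocks any other module that depends on `x_tables` when it is loaded through modprobe (for example `arp_tables`), and that `nf_tables` is not in the list, so nftables can still be loaded. Because `/bin/true` makes modprobe report success without loading anything, `install ip_tables /bin/false` (and likewise for the other four) would surface the denial to callers and in logs, provided nothing in the boot path relies on the success exit code. The `install` directive only governs loads that go through modprobe; a direct `insmod` or a built-in module is unaffected, which the comment could state so the file is not read as a hard guarantee.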